osCommerce Extra Security

This post is now quite old and the information it contains may be out of date or inaccurate.

If you find any errors or have any suggestions to update the information, please let us know or create a pull request on GitHub.

Like any web application, osCommerce can suffer from security problems such as SQL injection attacks or, famously, the email form exploit. These allow hackers to gain access to data they shouldn’t have access to or, in the case of the email form exploit, to use your machine to send thousands of spam emails.

Here are some osCommerce customisations to improve the security of your store:

Security Pro, Sitemonitor, IP Trap, .htaccess Protection, Anti-XSS

You might also want to run a PCI compliance scan; there are some free ones around, for example this one.

Tags: edmondscommerce